
Fraud Risk Management in Banks: The Do's and Don'ts (Shri S. S. Mundra, Deputy Governor - January 30, 2017 - at Seminar on Financial Crimes Management arranged by CAFRAL, Mumbai)

News and Press Release - Dated: 2-2-2017

Shri Gopalakrishna, Director, CAFRAL; fellow bankers and participants of the Program on Financial Crimes Management! At the outset, let me mention that this is the third occasion I am speaking on frauds in as many months. In November 2016, I spoke on Fraud Risk Management in .....

Extract - Part text only

ater appreciation of fraud risk in the system. My involvement in these seminars/workshops also underlines the importance that RBI, as banking supervisor, attaches to the management of fraud risk in the system. Each time I speak on the issue I do so with a fervent hope that each participant in these seminars develops greater commitment and sensitivity to mitigating and managing fraud risk in his/her respective organisation. Today I intend to explore few other dimensions of the broad theme of frau .....


s well as globally. You will remember the Bangladesh Bank incident which rattled banks/central banks and forced us to look more closely at cyber security risks. There is an increasing trend in incidents pertaining to theft of personal information, abuse of ATMs and Distributed Denial of Service (DDoS) attacks on various banks. We have already witnessed an attempt to defraud a bank by abusing the SWIFT messaging system which thankfully could be salvaged post event without any apparent monetary lo .....


market. As technology evolves from being an enabler and differentiator to being at the core of the banks' operations, associated issues of security need to be addressed comprehensively.

4. Post withdrawal of legal tender character of ₹ 500 and ₹ 1000 bank notes, there has been a phenomenal push towards digital mode of payment across the country. Aadhaar Enabled Payment Systems are gaining currency and the recent launch of BHIM app for facilitating payments is another welcome move. Whi .....


sharing and continuous learning as key elements. The Committee on Payments and Market Infrastructures (CPMI), BIS and the International Organization of Securities Commissions (IOSCO) have issued Guidance on cyber resilience for financial market infrastructures (FMIs) which also emphasises on the importance for authorities to cooperate to support broader financial stability objectives. The Bank of England (BoE) has implemented CBEST, a new framework for testing cyber security vulnerabilities, pa .....


s cyber security preparedness, to identify the gaps and to monitor the progress of remedial measures. More than 30 major banks are slated to be covered under detailed IT examination during 2016-17 and all banks by 2017-18. RBI's IT subsidiary (the Reserve Bank Information Technology (ReBIT) Pvt Ltd) has also become operational with a mandate to focus on issues around IT systems and cyber security (including related research) of the financial sector and to also assist in the audit and assessment o .....


bank boards do not have expertise in this area, it would become a handicap in the smooth operations of banks. Second, the traditional ways of allocating budgets for IT services in general and cyber security in particular need to undergo a radical change leading to need based assessment and cost effective solutions. The scare that was created during the recent ATM/Debit card incident clearly indicates that cyber security requires top attention by the Board. A few days ago, Risk.Net published an .....


ed to stall launch of unsecure products, whenever necessary. However, ground realities do not provide the needed comfort. I want to use this forum to reiterate that the role of CISO needs to be clearly articulated and reinforced immediately.

9. Our June 2 circular also mandates having a separate cyber security policy and cyber crisis management plan in place. We have observed that in many cases, the banks react to cyber incidents in a knee jerk and an ad hoc manner which at times has a potential .....


, password management or port management, are ignored or entirely left to the vendors resulting in an undesirable impact. Statistics suggest that it takes on an average about 6 months to detect cyber-attacks by outsiders and longer in cases where attacks are by insiders. Thus, early detection and response assumes significant importance. Banks need to build capabilities to detect cyber-attacks early and respond to them quickly. Recovery from the incident is another aspect that needs to be well th .....


use analysis as well as findings of forensic audit also need to be shared promptly. You would appreciate that timely reporting of cyber incidents is very crucial to enable issuance of suitable cautionary advisories to other banks.

13. In a nutshell, all stakeholders must work collectively to guard and fight against the menace of cyber threat. To quote our Prime Minister, "I dream of a DIGITAL INDIA where: Cyber Security becomes an integral part of our National Security" [2]. Yes, when such message com .....


rate upon during the course of the Seminar and one issue for the policy makers to ponder over.

a. The rate at which technology is undergoing a change is overwhelming. Contrary to that, human beings are slow learners and slower to adapt to changes, especially if it is a new technology. Against this background, the question that we need to ask ourselves is whether there is a need to employ newer and newer technology enabled products at a fast pace or are we merely doing this since competition has .....


before striking. These malwares are also known to self-destruct after they have achieved their desired objective. This is a really scary situation and hence, we need to be not only on continuous guard to identify the vulnerabilities that exist in our systems and to plug them but also scout for innocuous looking unknown programmes/malware from time to time.

c. The next aspect that I wish to highlight is around human behaviour. We have always known banking to be a relationship built on trust. How .....


tomers are cyber literate. I understand that some countries like Israel, have introduced cyber awareness in their high school curriculum. Perhaps, we also need to think on similar lines. With moderate levels of general literacy in our country, this could be a tall order, but nevertheless it is a goal worth pursuing relentlessly. Let me now move from the cyber space to an earthly level.

Advances related frauds

16. During the FY 2016, advances related frauds constituted nearly 92% of the total fra .....


e? As you know fraud is a criminal offence and any delay on the part of the bankers in initially red flagging an exposure and subsequently declaring it as a fraud will have far reaching implications on the employee conduct and internal governance standard. Banks and bankers could be charged for abetting the criminal offence. My call to you therefore, is to identify and declare the account as fraud without wasting time. The best course of action would be to follow the instructions in letter and s .....


is instruction is not always being followed. Recently, we had come across a case where a bank had extended a hand holding operation facility in case of very large fraud account.

18. Frauds in the area of cheque cloning continue to be one of the areas of concern for us. We have come across cases where though the original cheques remained in the custody of the customer, cheques with the same series were presented and encashed by fraudsters. RBI has issued guidelines in the issue to the banks in No .....


is on account of gap in understanding of technology between two sets of employees, colloquially called digital immigrants (older generation) and the digital natives (the newer generation). Especially in the public sector banks which suffer from a Missing Middle, the knowledge gap between the supervisors and supervised in the area of digital can be very stark and might result in loose controls. It is, therefore, important for the Board and Top Management of banks to look for ways to mitigate th .....


1: Have a ROBUST Fraud risk identification, event reporting, control, allocation and mitigation framework. Four eyes principle must be followed in all sensitive areas without compromise.

Sutra 2: Follow the 5 Cs of CREDIT - Capacity, Capital, Collateral, Conditions and Character.

Sutra 3: Bring in a CULTURE of eternal vigilance, strong internal control and compliance. Please remember Fraud is criminal offence.

Sutra 4: Remember that the solution for TECHNOLOGICAL CHALLENGES is not always more t .....
